NEW DELHI : India’s Star Health is investigating accusations that its chief information security officer played a role in a data leak by a self-styled hacker who used Telegram chatbots and websites to disseminate customers’ medical records and personal data.
The country’s biggest health insurer, Star told Reuters that the official, Amarjeet Khanuja, was co-operating in its investigation into the leak, which has so far turned up no evidence of wrongdoing by him.
The investigation comes after the hacker, an individual dubbed xenZen, publicly asserted on his website that the executive had “sold all this data to me”.
Khanuja, the firm’s chief information security officer (CISO), did not respond to a request for comment.
“Our CISO has been duly co-operating in the investigation and we have not arrived at any finding of wrongdoing by him till date,” Star said in Wednesday’s statement.
Last month Star Health sued Telegram and the hacker after Reuters reported on Sept. 20 that the hacker used chatbots on the messaging app to leak customer details, before setting up websites providing easy access to the data.
Star was trading down 2 per cent on Thursday, and has lost about 6 per cent since the Reuters report.
“We were the victim of a targeted, malicious cyberattack, resulting in unauthorized and illegal access to certain data,” Star said.
Independent cybersecurity experts were leading its forensic investigation, Star added in the statement, and it was also working closely with authorities, to whom it had reported the incident.
Earlier, Star said its initial assessment showed “no widespread compromise”, adding, “Sensitive customer data remains secure.”
A court in Star’s southern home state of Tamil Nadu has granted it a temporary injunction ordering Telegram and the hacker to block any chatbots or websites in India that make the data available online.
Telegram has not commented on the lawsuit, while the hacker has vowed to